Ok, I will try to move to 4.7.
What do you mean by setting date and role?
Are you talking about the rules within the source?
These users are falling into a catch-all, I think since the username="host\
username.ad.davenport.edu" instead of simply "username" . I set role, and
active duration, that is all.
-
Pete Hoffswell - Network Manager
[email protected]
http://www.davenport.edu
On Wed, Mar 25, 2015 at 11:49 AM, Julien Semaan <[email protected]> wrote:
> That is still vulnerable to this.
>
> Make sure the date and role is set for the users and you'll be fine. 4.7
> fixes this for good.
>
>
> On 03/25/2015 11:39 AM, Pete Hoffswell wrote:
>
> AH! Yes. We are suffering from that problem now! Users are getting
> online with a default role, and an Owner name of "host/
> machinename.ad.davenport.edu"
>
> We are running 4.6.0
>
> -
> Pete Hoffswell - Network Manager
> [email protected]
> http://www.davenport.edu
>
>
> On Wed, Mar 25, 2015 at 11:32 AM, Julien Semaan <[email protected]>
> wrote:
>
>> Hi Pete,
>>
>> This has been fixed in a more recent version of PacketFence.
>>
>> It's that the machine (host/username.ad.davenport.edu) is not matching
>> any unregistration date or access duration.
>>
>> What version of PacketFence are you running ?
>>
>>
>> On 03/25/2015 10:57 AM, Pete Hoffswell wrote:
>>
>> Good morning.
>>
>> We are seeing this regularly in our packetfence log, and wonder how to
>> resolve. I am unsure if it is actually causing issues with our users.
>>
>> Mar 25 10:42:13 httpd.aaa(28070) INFO: [6c:88:14:xx:xx:xx] handling
>> radius autz request: from switch_ip => (10.1.49.6), connection_type =>
>> Wireless-802.11-EAP,switch_mac => (), mac => [6c:88:14:xx:xx:xx], port =>
>> 13, username => "host/username.ad.davenport.edu" (pf::radius::authorize)
>> Mar 25 10:42:13 httpd.aaa(28070) INFO: person host/
>> username.ad.davenport.edu modified to host/username.ad.davenport.edu
>> (pf::person::person_modify)
>> Mar 25 10:42:13 httpd.aaa(28070) INFO: autoregister a node that is
>> already registered, do nothing. (pf::node::node_register)
>> Mar 25 10:42:13 httpd.aaa(28070) INFO: Can't find provisioner for
>> 6c:88:14:xx:xx:xx (pf::vlan::getNormalVlan)
>> Mar 25 10:42:13 httpd.aaa(28070) WARN: The year was past, null or
>> undefined. We used current year (pf::config::dynamic_unreg_date)
>> Mar 25 10:42:20 httpd.aaa(28070) ERROR: radius authorize failed with
>> error: The 'month' parameter (undef) to DateTime::new was an 'undef', which
>> is not one of the allowed types: scalar
>> at /usr/lib64/perl5/vendor_perl/DateTime.pm line 201
>> DateTime::new(undef, 'year', 2015, 'month', undef, 'day', undef,
>> 'time_zone', 'DateTime::TimeZone::America::Detroit=HASH(0xxxx)', ...)
>> called at /usr/local/pf/lib/pf/config.pm line 914
>> pf::config::dynamic_unreg_date(undef) called at
>> /usr/local/pf/lib/pf/vlan.pm line 416
>> pf::vlan::getNormalVlan('pf::vlan::custom=HASH(0xxxx)',
>> 'pf::Switch::Cisco::WLC=HASH(0xxxx)', 13, '6c:88:14:xx:xx:xx',
>> 'HASH(0xxxx)', 385, 'host/username.ad.davenport.edu', 'DU',
>> 'HASH(0xxxx)', ...) called at /usr/local/pf/lib/pf/vlan.pm line 122
>> pf::vlan::fetchVlanForNode('pf::vlan::custom=HASH(0xxxx)',
>> '6c:88:14:xx:xx:xx', 'pf::Switch::Cisco::WLC=HASH(0xxxx)', 13, 385, 'host/
>> username.ad.davenport.edu', 'DU', 'HASH(0xxxx)', undef, ...) called at
>> /usr/local/pf/lib/pf/radius.pm line 182
>> pf::radius::authorize('pf::radius::custom=HASH(0xxxx)',
>> 'HASH(0xxxx)') called at /usr/local/pf/lib/pf/api.pm line 61
>> eval {...} called at /usr/local/pf/lib/pf/api.pm line 60
>> pf::api::radius_authorize('pf::api', 'NAS-Port-Type',
>> 'Wireless-802.11', 'Service-Type', 'Framed-User', 'Tunnel-Type', 'VLAN',
>> 'Called-Station-Id', 'e8:ba:70:xx:xx:xx:DU', ...) called at
>> /usr/local/pf/lib/pf/WebAPI/MsgPack.pm line 61
>> eval {...} called at /usr/local/pf/lib/pf/WebAPI/MsgPack.pm line
>> 60
>> pf::WebAPI::MsgPack::handler('pf::WebAPI::MsgPack=HASH(0xxxx)',
>> 'Apache2::RequestRec=SCALAR(0xxxx)') called at
>> /usr/local/pf/lib/pf/WebAPI.pm line 62
>> pf::WebAPI::handler('Apache2::RequestRec=SCALAR(0xxxx)') called
>> at -e line 0
>> eval {...} called at -e line 0
>> (pf::api::radius_authorize)
>>
>>
>> This is a wireless user connecting to an 802.1x network, with a backend
>> source of Active Directory.
>>
>> I wonder if there's a PF, radius, or AD setting that needs to be
>> tweaked.
>>
>>
>> -
>> Pete Hoffswell - Network Manager
>> [email protected]
>> http://www.davenport.edu
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for
>> all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Julien [email protected] :: +1.514.447.4918 *155 :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub
>> for all
>> things parallel software development, from weekly thought leadership
>> blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Julien [email protected] :: +1.514.447.4918 *155 :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
